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Sir: 

This Reply Brief is submitted in response to the Examiner's Answer mailed on 
April 29, 2008. The following remarks are intended to further focus the issues in this appeal. 
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1. Status Of Claims 

Claims 13, 20-21, 23-28, 30-33, 35-40, 42-52 and 54-61 are pending and finally 
rejected. Appellants appeal from the rejection of all pending claims. Claims 1-12, 14-19, 22, 29, 
34, 41, and 53 are canceled. 

2. Grounds Of Rejection Presented For Review 

1. Are claims 13, 20-21, 23-28, 30-33, 35-36, 38-40, 42-52, 54-55, and 57-61 are 
rejected as obvious under 35 U.S.C. §103(a) over Deo et al. (U.S. Patent No. 6,970,891) and 
Carlisle et al. (U.S. Patent No. 5,649,1 18)? 

2. Are claims 37 and 56 obvious over Deo et al., Carlisle et al, and Brittenham et 
al. (U.S. Patent No. 6,880,084)? 

3. Response To Examiner's Argument 

In the Examiner's Answer, the prior rejections were maintained and additional 
comments were presented in response to the Appellants' Brief filed on February 4, 2008. 
Appellants stand on the arguments presented in the Appellants' Brief and present the following 
comments directed to the Examiner's Answer. 

At page 10 of the Appellants' Brief, Appellants argued that Deo et al. did not 
teach or suggest "a client having a plurality of applications" residing thereon "wherein the one or 
more attributes associated with the directory are used to control access to the directory by the 
plurality of applications." 

At Argument (1) starting at page 37 of the Examiner's Answer, the Examiner 
responds by stating that column 3, lines 25-43 of Deo et al., and in particular the statement that 
"one or more nonresident applications 116, which execute external to the smart card (e.g., 
programs on kiosks, point of purchase machines, etc.)," teaches or suggests "a client having a 
plurality of applications residing thereon." 
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Appellants submit that the passage cited by the Examiner does not explicitly state 
that a plurality of applications can exist on a single client. Further, column 3, line 48 of Deo et 
al. explains that such non-resident applications are "downloaded" for a particular session. Even 
if Deo et al. describes a plurality of applications residing external to a smart card, it does not 
teach or suggest that one or more attributes associated with a directory are used to control access 
to the directory by the plurality of applications. 

At page 1 1 of the Appellants' Brief, Appellants argued that obviousness had not 
been established, since modifying Deo et al. in the manner proposed by the Examiner would 
have been contrary to the intended purpose of Deo et al.'s smartcard system. Specifically, 
Appellants argued that it would have been contrary to the intended purpose of Deo et al. to 
modify it so that a client uses a passcode or key to access data in a directory, cell group or cell, 
because doing so would render Deo et al.'s access control mechanism obsolete. 

At Argument (2) starting at page 38 of the Examiner's Answer, the Examiner 
cites case law stating that "one cannot show nonobviousness by attacking the references 
individually." Also, at page 40 of the Examiner's Answer, the Examiner alleges that "such a 
response to appellant's arguments in that the motivation to combine Deo with Carlisle would 
have allowed the ability [to] control access to directories or sub-folders on a smart card. Because 
Deo is directed only to applications/files, Carlisle's security-based approach to directories does 
not destroy the purpose of Deo." 

In response, first, Appellants submit that they are not attacking the references 
individually, but are attacking the Examiner's proposed reason to combine at page 1 1 of the 
Appellants' Brief. Second, the Examiner's response simply re-states the alleged reason to 
combine Deo and Carlisle, and does not provide any reason why providing passcodes or keys 
would "not" render Carlisle et al.'s access control mechanism obsolete. If one were to combine 
Deo et al. and Carlisle et al. as suggested by the Examiner, one would end up with passcodes or 
keys, and an access control mechanism on a smart card. It would not make any sense to do this, 
since access to files is already controlled in Deo et al. 

At page 13 of the Appellants' Brief, Appellants argued that obviousness had not 
been established, since the alleged reason to combine was not from the prior art. In particular, 
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the use or "passwords or keys" to provide "access control at higher hierarchical levels is not 
taught or suggested by the cited prior art. 

At Argument (3) at page 41 of the Examiner's Answer, rather than responding to 
Appellants' argument, the Examiner simply restates that support for the alleged reason to 
combine can be found at column 1, lines 59-62 of the Office Action. For the reasons provided at 
page 14 of the Appellants' Brief, Appellants submit that the cited passage does not support the 
alleged reason to combine (i.e., that passwords or keys provide access control at higher 
hierarchical levels), and that obviousness has not been established. 

The Examiner then argues, without any authority, that the reference has to 
"explicitly" suggest or disclose the so-called teach away steps in order to disqualify a reference 
based on a "teach away" reasoning. 

In response, it is improper to combine references where the references teach away 
from their combination. In re Grasselli, 713 F.2d 731, 743, 218 USPQ 769, 779 (Fed. Cir. 
1983). MPEP 2145. Clearly, if a secondary reference suggests exactly the opposite of what the 
U.S.P.T.O. suggests that one skilled in the art would done to combine references, then that is a 
"teaching away." Notwithstanding this point, Carlisle et al. does explicitly "teach away" from 
the alleged motivation of providing passcodes or keys to provide access control at higher 
hierarchical levels. For example, column 5, lines 19-25 of Carlisle et al. state that "[m]ulti-user 
capability is provided by allowing Root to create a subdirectory below the root directory.... and 
to assign ownership of that subdirectory to another user. Root can then install a password for 
that user in the 'passwd' file and allow the user to enter the system at that subdirectory file". 
Here, Carlisle et al. explicitly suggests that passwords are used to access "lower" hierarchical 
levels, not higher ones as proposed by the Examiner. 

At page 14 of the Office Action, Appellants' argued that obviousness had not 
been established with respect to dependent claim 58, because there is no disclosure of first and 
second parties that have an existing business relationship and that agree to share data on a secure 
token according to agreed security controls. 

At Argument (4) starting at page 42 of the Examiner's Answer, the Examiner 
again responds by simply re-stating the passage that Appellants alleged was deficient. In 
addition, the Examiner states that Appellants have provided no definition or explanation of what 
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"share security controls" means. The Examiner suggests that "any" interaction between a gas 
provider a bank customer, and a bank would be an "agreement to share security controls" under 
the "broadest reasonable interpretation." 

The Examiner's interpretation of an "agreement to share security controls" is 
clearly "unreasonable" and not reasonable. By its plain meaning, an "agreement to share 
security controls" does not include "any" agreement between two entities. For example, an 
agreement to provide gas to an employee is not an agreement to share security controls. The 
Examiner's attempt to somehow equate this "any" type of interaction with an "agreement to 
share security controls" is clearly unreasonable and fails to take the plain language of the claims 
into account. 

At page 16 of the Office Action, the Appellants argue that modifying Deo et al. 
with an "agreement to share security controls" does not have any rational underpinning, because 
an "agreement to share security controls" allows additional access and does not further restrict 
access as proposed by the Examiner's reason to combine. 

At Argument (5) on page 44 of the Examiner's Answer, the Examiner again 
alleges, without any authority, that the reference needs to "explicitly" suggest or disclose teach 
away steps. Appellants have already addressed this point above. Appellants also wish to point 
out that it the U.S.P.T.O. must establish obviousness to reject the claims. If the rationale for 
obviousness is inconsistent with the references being cited, then it follows that the rationale 
would not have been used by the person of skill in the art at time of the invention. Consequently, 
"obviousness" would not have been established. 

At page 18 of the Appellants' Brief, the Appellants argued that obviousness had 
not been established, since the Examiner's proposed reasoning to modify Deo et al. with a 
"loyalty application" to provide "access control at higher hierarchical levels" is not rational. 

At page 45 of the Examiner's Answer, the Examiner states: 

the examiner wishes to state that the loyalty application is part of a 
hierarchical relationship with respect to access between owners 
and other parties, and as a result, the cited motivation is proper. 

In response, this passage does not make logical sense, and is not found in the prior 
art. Accordingly, obviousness has not been established. 
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At page 19 of the Appellants' Brief, the Appellants argued that all limitations of 
dependent claim 60 are not taught or suggested by the cited art. For example, "wherein the first 
application can access only that cell group while the second application can access that cell 
group and additional cell groups" is not taught or suggested by the cited art. 

In response, at Argument (6) of the Examiner's Answer, the Examiner cites the 
same passage of Carlisle et al., and alleges that Carlisle's system "clearly teaches the claimed 
second application that can access that cell group and additional cell groups since it has a general 
knowledge of, and control over, the service providers whose 'applications' are present on the 
smart card." (See page 47 of the Examiner's Answer.) 

For the reasons provided at pages 19-20 of the Appellants' Brief, Appellants 
submit that Carlisle et al. does not teach or suggest "wherein the first application can access only 
that cell group while the second application can access that cell group and additional cell 
groups." 

At page 20 of the Brief, Appellants argued that providing "[a] first application 
[that] can access only that cell group while the second application can access that cell group and 
additional cell groups" to provide "higher access control at higher hierarchical levels" has no 
rational underpinning and that the art teaches away from such a modification. 

In response, the Examiner again alleges at page 47, without authority, that the art 
must "explicitly" suggest or disclose teach away steps. 

As explained above, Appellants submit that the cited art does "explicitly" suggest 
or disclose teach away steps. 

At page 21 of the Appellants' Brief, Appellants argued that the rejection of claim 
60 and other claims is based on improper hindsight. As explained by MPEP 2142: 

To reach a proper determination under 35 U.S.C. 103, the 
examiner must step backward in time and into the shoes worn by 
the hypothetical "person of ordinary skill in the art" when the 
invention was unknown and just before it was made. In view of all 
factual information, the examiner must then make a determination 
whether the claimed invention "as a whole" would have been 
obvious at that time to that person. Knowledge of applicant's 
disclosure must be put aside in reaching this determination, yet 
kept in mind in order to determine the "differences," conduct the 
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search and evaluate the "subject matter as a whole" of the 
invention. The tendency to resort to "hindsight" based upon 
applicant's disclosure is often difficult to avoid due to the very 
nature of the examination process. However, impermissible 
hindsight must be avoided and the legal conclusion must be 
reached on the basis of the facts gleaned from the prior art. 

In the obviousness rejection of claim 60, the Examiner alleges that the one skilled in the art 
would have taken the following steps: 

i) looked to Deo et al. and decided that Deo et al. should have a plurality of 
applications on a client when there is no teaching or suggestion of such a feature in Deo et al.; 
and then 

ii) looked to Deo et al., and then decided to modify Deo et al. with passwords 
or keys, even though the purpose of a primary component in Deo et al.'s smart card would be 
defeated if keys or passwords are used, and even though Deo et al. does not indicate that there is 
anything wrong with Deo et al.'s system; and then 

iii) added a "first application [that] is associated with a first party and the 
second application [that] is associated with a second party, and wherein the first party and the 
second party have an existing business relationship and agree to share data on the secure token 
according to agreed security controls" (as recited in dependent claim 58), when no such feature 
exists in either Deo et al. or Carlisle et al., to provide "access control at higher hierarchical levels 
including subfolders and folders in order to restrict access to some providers on a smart card," 
even though an agreement to share security controls would not benefit from access control at 
higher hierarchical levels including subfolders and folders; and then 

iv) added a "loyalty application" (as recited in dependent claim 59), when no 
such feature exists in either Deo et al. or Carlisle et al., to provide "access control at higher 
hierarchical levels including subfolders and folders in order to restrict access to some providers 
on a smart card," even though a loyalty application would not benefit from access control at 
higher hierarchical levels including subfolders and folders in order to restrict access to some 
providers; and then 

v) added a "first application [that] can access only that cell group while [a] 
second application can access that cell group and additional cell groups" (as recited in dependent 



Page 7 of 9 



Application No.: 10/656,858 PATENT 
Page 8 

claim 60) when no such feature exists in either Deo et al. or Carlisle et al, and even though a 
"first application [that] can access only that cell group while [a] second application can access 
that cell group and additional cell groups" would not benefit from, and would actually teach 
away from, access control at higher hierarchical levels. 

Clearly, it would not have been "obvious" for the person of skill in the art to 
follow this sequence of events, unless one had had the benefit of Appellants' disclosure first. 
Consequently, the obviousness rejections of record are based on improper hindsight. 

At page 48 (Argument (7)) of the Examiner's Answer, in response to this 
hindsight argument, the Examiner cites the boilerplate hindsight citation from the MPEP and 
fails to analyze, at all, the inconsistent and illogical path of reasoning required to reject claim 60. 
The boilerplate hindsight citation from the MPEP is as follows: "[a]ny judgement on obviousness 
is in a sense necessarily a reconstruction based on hindsight reasoning, but so long as it takes into 
account only knowledge which was within the level of ordinary skill in the art at the time the 
claimed invention was made and does not include knowledge gleaned only from applicant's 
disclosure, such a reconstruction is proper." In re McLaughlin 443 F.2d 1392, 1395, 170 USPQ 
209, 212 (CCPA 1971). (Emphasis added.) 

Here, the five illogical steps needed to reject claim 60 do not take into account 
"only" knowledge which was within the level of ordinary skill in the art at the time of the 
invention. One viewing only Deo et al. and Carlisle et al. would not have proceeded down the 
path above, unless one had Appellants' disclosure first. This is the essence of improper 
hindsight. The illogical path of reasoning provided above suggests that the present claims were 
not examined according to the person of skill in the art at the time of the invention as required by 
35 U.S.C. 103, but were examined using an improper hindsight bias. 

In view of the above additional arguments, Appellants again request that a new 
Office Action be issued in view of the Examiner's new ground of rejection, or a reversal of the 
rejections of record. 
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Respectfully submitted, 



Date: 





Patrick R. Jewik 
Reg. No. 40,456 
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